PYSEC-2020-63

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/manila/PYSEC-2020-63.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2020-63

Aliases

Published

2020-03-12T17:15:00Z

Modified

2024-04-29T10:41:28.463750Z

Summary

[none]

Details

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.

References

Affected packages

PyPI / manila

Package

Name: manila; View open source insights on deps.dev
Purl: pkg:pypi/manila

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4.1

Introduced

8.0.0

Fixed

8.1.1

Introduced

9.0.0

Fixed

9.1.1

Affected versions

4.*

4.0.2

5.*

5.0.2

5.0.3

5.1.0

6.*

6.1.0

6.2.0

6.3.0

6.3.1

6.3.2

7.*

7.0.0

7.1.0

7.2.0

7.3.0

7.4.0

8.*

8.0.0

8.0.1

8.1.0

9.*

9.0.0

9.1.0